[Openstack-security] [Bug 1622690] Re: Potential XSS in image create modal or angular table

Jeremy Stanley fungi at yuggoth.org
Fri Sep 16 00:46:49 UTC 2016


** Description changed:

- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by the OpenStack
- Vulnerability Management Team in the form of an official OpenStack
- Security Advisory. This includes discussion of the bug or associated
- fixes in public forums such as mailing lists, code review systems and
- bug trackers. Please also avoid private disclosure to other individuals
- not already approved for access to this information, and provide this
- same reminder to those who are made aware of the issue prior to
- publication. All discussion should remain confined to this private bug
- report, and any proposed fixes should be added to the bug as
- attachments.
- 
  The Image Create modal allows you to create an image sending unencoded
  HTML and JavaScript. This could lead to a potential XSS attack.
  
  Steps to reproduce:
  
  1. Go to project>images
  2. Click on "Create image"
  3. In the "Image Name" input enter some HTML code or script code (i.e. <h1>This is bad</h1>, <script>alert('This is bad');</script>)
  4. Fill in other required fields
  5. Click on 'Create Image'
  
  Expected Result:
  The image is created but the name is safely encoded and it's shown in the table as it was written
  
  Actual Result:
  The image name is not encoded and therefore is being rendered as HTML by the browser.

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1622690

Title:
  Potential XSS in image create modal or angular table

Status in OpenStack Dashboard (Horizon):
  Fix Committed
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  The Image Create modal allows you to create an image sending unencoded
  HTML and JavaScript. This could lead to a potential XSS attack.

  Steps to reproduce:

  1. Go to project>images
  2. Click on "Create image"
  3. In the "Image Name" input enter some HTML code or script code (i.e. <h1>This is bad</h1>, <script>alert('This is bad');</script>)
  4. Fill in other required fields
  5. Click on 'Create Image'

  Expected Result:
  The image is created but the name is safely encoded and it's shown in the table as it was written

  Actual Result:
  The image name is not encoded and therefore is being rendered as HTML by the browser.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1622690/+subscriptions
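The defect described in the report is an output-encoding gap: the image name is interpolated into the table markup as raw HTML. The following added example (not Horizon code; the Angular table is not reproduced, and the row helpers and sample names are constructed for illustration) puts the unsafe pattern beside the encoded one and adds a check a unit test could run to catch a regression.

```javascript
// Added example, not from the Horizon project. Plain string-based rendering is
// used so the behaviour can be checked without a browser or Angular.

// Constructed sample names, including the inputs from the bug's reproduction steps.
const SAMPLE_NAMES = [
  "my-ubuntu-image",
  "<h1>This is bad</h1>",
  "<script>alert('This is bad');</script>",
];

// Minimal HTML entity encoder for text placed into element content or attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern (what the report describes): the name goes into the markup unencoded,
// so the browser parses "<h1>..." as an element instead of showing it as text.
function rowMarkupUnsafe(name) {
  return "<tr><td>" + name + "</td></tr>";
}

// Hardened pattern: encode before interpolating, so the cell displays the name as written.
function rowMarkupSafe(name) {
  return "<tr><td>" + escapeHtml(name) + "</td></tr>";
}

// Regression check: the cell body of a correctly encoded row never contains raw
// tag delimiters; only the fixed <tr><td> scaffold may.
function cellContainsRawTags(rowHtml) {
  const inner = rowHtml.slice("<tr><td>".length, -"</td></tr>".length);
  return /[<>]/.test(inner);
}

// Audit a renderer over the sample names and return the names it would render as HTML.
function namesRenderedAsHtml(renderRow, names = SAMPLE_NAMES) {
  return names.filter((name) => cellContainsRawTags(renderRow(name)));
}
```

Running `namesRenderedAsHtml(rowMarkupUnsafe)` returns the two tag-bearing sample names, while `namesRenderedAsHtml(rowMarkupSafe)` returns an empty list, which is the expected-result condition the report asks for.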
